We use cookies and similar technologies to recognize your repeat visits and preferences, to measure the effectiveness of campaigns, and improve our websites. For settings and more information about cookies, view our Cookie Policy. By clicking “I accept” on this banner or using our site, you consent to the use of cookies.

All these little tricks you use to create randomness? Hate to break it to you, but they only create the illusion of randomness.

Hackers already know them, and they’ve programmed their cracking tools to look for them automatically. They even program them to start hacks with these sequences.

Because it’s short

Even with all those tricks, you’re probably not applying the most important thing about a good password: it is long.

Very long.

Like 20+ characters long.

Hackers laugh at less.

Because you're using words & sentences

And when you do make your password long, it’s because you string together words. Words than can be found in a dictionary. Dictionaries than can be cycled through by a computer faster than I can write this sentence.

There are an estimated 1,025,000 words in the English language. Do you know how large a text file containing all of those would be? Around 9 MB.

The smartphone you had in 2009 won't sweat crunching those numbers.

To make passwords easier to remember, you also likely have them as a sentence. But this reduces the variables a hacker needs to look for because grammar’s logic is working against you.

Andremovingthespacingbetweenworddoesn’tfoolanyone.

Because you’re using it for several accounts

Your email, your social media account, your bank account, your taxes … hell, even that one time you needed to sign up to useless.com just to see the cute cat pics your friend linked you to on Facebook.

And since your password already sucks (see above), you’re actively making it suck even more.

Because you’re not using a password manager

OK, maybe I was a little mean.

Those patterns you were playing with to make your password seem random a few paragraphs back — they don’t work, but at least your heart was in the right place.

There’s only so far you can take randomness without making it super difficult to remember. And we’re still talking just one password, not the army you need for the average of 26 accounts you likely have.

None of that’s really your fault: you’re only human, after all.

But not using the digital brains of a password manager to generate truly long, unique and random passwords, and have it remember all of them for you?

Because even if you are using a great password, you’re probably not using 2-factor authentication

So you’ve generated a dozen truly random passwords, and you followed our rules to make your master password wicked strong. Well done!

But...

…and you knew this was coming...

…they all still suck because they’re still just passwords: a single method of proving—or authenticating—your identity.

No matter how you cut it, two is better than one. Whether you’re using codes sent to you via SMS text messages or an authenticating app, 2-Factor Authentication will make even the suckiest password better than all the above methods combined.